In r80.20 /.30 we introduced new limitation on load sharing with VPN (Due to maestro code main train unification, we took the maestro side and broken the main train side. Since the usage is low, it was the best tradeoff among the alternatives).

Due to the type of limitation, we decided to block the whole feature temporarily till we will make it clearer (so user can understand what is working). We are now in the process of enabling the large part of load sharing that does work, on r80.30. If you need this more urgently, contact our solution center to get assistance till we complete the publication of it (as its artificially blocked). 

Load sharing with vpn is still blocked (this requires development) and we will bring it back but in future release (most cases i saw that did use load sharing, didnt need the vpn aspect so the above should cover the vast majority). 

Dorit

today: all load sharing is blocked except maestro

working to certify: enabling load sharing without vpn on R80.30 (can be done now if urgent contact us)

later after more development: load sharing with vpn 

Hi Dorit,

Thank you for clarification.

However, can you estimate the time that the Load Sharing mode will be back in R80.20 and R80.30?

As I know if the customer wants to use this functionality they need to implement with R80.10, right?

I am quite implicit above: if you need non-vpn load sharing, you can get it now over r80.30 if you can contact us or wait to get it published publicly 

If you need vpn load sharing, we still need to develop so it will be on later release

If you are not clear, i recommend you will work w our local sales to further understand 

Hi Dorit,

I got it now. Thanks for clarification again.

Thanks for the new and informative SK, is there some reason that the lifting of the ClusterXL Load Sharing restriction is not shown in the "list of resolved issues" for the R80.20 and R80.30 Jumbo HFA takes?

Technically, load sharing vpn is still limited, ... so in order to avoid mistakes and the ui is technically still blocked (unless you open it).

Therefore you need to read the sk to open the ui and the release notes direct you to the sk 

We have been waiting for a supported release that works with Cluster Load Sharing. 

This is a major reason while we are evaluating other Firewall Solutions. I have been told many times by support that load sharing is not a recommended solution.

It still doesn't solve the problem because it supports ClusterXL Load Sharing WITHOUT Ipsec VPN.

Indeed 

(1) Very small percentage used VPN w load sharing which is why we allowed this limitation in the first place 

(2) This part (the VPN w load sharing) required more complicated resolution vs the Maestro / scalable platform VPN. Therefore we gave priority to integrating the high end into the maintrain at the cost of not supporting load sharing w VPN in the short term

(3) We have a function called solution center that helps us resolve such missing pieces when they impact the business, by driving formal commitment to complete certain functionality by a certain date (they will deliver a formal commitment). Please leverage your local sales team or contact @PhoneBoy off line to get assistance 

As mentionend before, you currently can use either VSX VSLS or Maestro to overcome this limitation !

Hi All,

It seems load sharing has been disabled and i have checked with R80.40, R81 and R81.10 with HFA installed

Did you follow all the instructions in the SK?

Hi Chris,

FYI, we are using R80.4 with Take 173

1.  Sticky already enabled.

Possible to advise what other steps are needed?

Did you already set the environment variable per sk162637 to get access to the configuration?

Also,  steps below have been done.

1. Edit the cpm.sh file:
• On a Security Management Server:
  vi $FWDIR/scripts/cpm.sh
2. Go to the end of the file and find the last line:
   exec $JAVA_HOME/bin/java ...
3. Above that last line add this new line:
   export ENABLE_CLUSTER_LOAD_SHARING_R80_20=1

What about the client side steps for SmartConsole?